Job Description

ECS is seeking a SOC Security Engineering Technician - Junior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program in Fairfax, VA In this role, the candidate supports Task 3 — Cybersecurity Operations Support by implementing, configuring, and maintaining security engineering solutions that enable SOC monitoring, detection, and response across ARNG enterprise environments. The position contributes directly to Defensive Cyberspace Operations – Internal Defensive Measures (DCO-IDM) by sustaining security tools, sensors, log forwarding, telemetry pipelines, configuration baselines, and remediation documentation, while coordinating with SOC, CTIC, CDAP, and infrastructure teams to preserve continuous monitoring and effective event correlation.

Please Note: This position is contingent upon contract award.

This role supports a mission environment delivering DoDIN services to more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. The technician helps defend classified and unclassified ARNG network environments that support Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and SIPRNet operations. The position operates within the ENOCS cyber ecosystem that includes USIEM analytics, EDR, IDS/IPS, DLP, SIEM/C2C data integration, Zeek metadata, Sysmon-informed MITRE ATT&CK analytics, eMASS artifact support, and coordination with the NETCOM Global Cyber Center and DISA DCDC to maintain visibility, alert fidelity, and cyber readiness across the DoDIN-A(NG) area of responsibility.

Responsibilities

• Implement, configure, and maintain security engineering capabilities that support SOC monitoring, threat detection, and response operations across ARNG enterprise environments.
• Integrate and sustain security tools, sensors, log forwarding mechanisms, and telemetry pipelines to improve monitoring coverage, event visibility, and correlation accuracy.
• Support continuous monitoring operations by validating security configuration baselines, assisting with system hardening, and troubleshooting issues that affect sensor performance or alert fidelity.
• Document configuration changes, technical adjustments, and remediation actions to support auditability, operational traceability, and RMF-aligned cybersecurity activities.
• Coordinate with SOC, CTIC, CDAP, and infrastructure teams to maintain uninterrupted monitoring and support cybersecurity engineering deliverables within Task 3 — Cybersecurity Operations Support.
• Support integration and tuning activities associated with USIEM, EDR, IDS/IPS, DLP, and related telemetry sources used for centralized visibility and machine-speed response across ARNG environments.
• Assist with maintaining data quality and log flow from relevant sources such as network sensors, Zeek metadata, and Sysmon-enabled monitoring to strengthen event analysis and MITRE ATT&CK-based detections.
• Work in coordination with NETCOM Global Cyber Center and DISA DCDC support constructs to sustain cybersecurity visibility across classified and unclassified enclaves within the DoDIN-A(NG) area of responsibility.
• Contribute to cybersecurity policy and compliance objectives by supporting evidence collection, artifact maintenance, and remediation tracking associated with ARNG and DoD cybersecurity requirements.

Qualifications

Required Qualifications

U.S. Citizenship is required

Security Clearance: Secret Eligible

Required Certifications: DCWF Work Role 521-Cyber Defense Infrastructure Support Specialist — Basic proficiency; must hold ONE OR MORE of the following: CC, A+, CND, GCLD, GDSA, GFACT, Network+

Experience: 3+ years of experience in cybersecurity

• Experience implementing or sustaining security engineering solutions used for monitoring, detection, and response in enterprise environments.
• Experience supporting security tools, sensors, log forwarding, or telemetry collection mechanisms used to maintain continuous monitoring coverage.
• Experience troubleshooting configuration issues affecting visibility, event correlation, or alert fidelity.
• Experience documenting configuration changes, remediation actions, and technical support activities in an operational cybersecurity environment.
• Experience working with cross-functional teams such as SOC, infrastructure, compliance, or engineering organizations to resolve monitoring and security tooling issues.
• Familiarity with RMF-related operational support activities, including maintenance of security documentation or remediation artifacts.
• Familiarity with classified and unclassified network security operations in DoD or similarly regulated enterprise environments.